Google says "me too," offering $3,000+ bounty for Chrome bugs

Several days ago, Mozilla announced that it would pay developers and hackers $3,000 for every reproducible, critical security flaw found in its FireFox web browser. Yesterday, Google has announced that it will pay $3,133.70 for critical security bugs found in its Chrome web browser. Bravo to Google for their ability to sneak 31337 (eleet) into their bug bounty payout. Google’s pay-per-bug program looks like this:

The maximum reward for a single bug has been increased to $3,133.7. We will most likely use this amount for SecSeverity-Critical bugs in Chromium. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity.

Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution.